11 November 2016

Here is a script that gathers a list of the local administrators on a machine. The script can report the list to SCCM by writing it to a WMI entry. It can also write the list to a text file at a specified location, for admins who do not have SCCM. The text file is named <%COMPUTERNAME%>.txt. You can do both SCCM reporting and text file reporting if desired.
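A minimal sketch of the collection logic described above, added here as an example; it is not the author's LocalAdmins.ps1. Only -SCCMReporting and the Local_Administrators class name come from this page; the -TextFilePath parameter, the Member and Type property names, and the root\cimv2 namespace are assumptions.

```powershell
# Added example, not the original LocalAdmins.ps1. -TextFilePath, the
# Member/Type property names and root\cimv2 are assumptions; run it elevated.
[CmdletBinding()]
param(
    [switch]$SCCMReporting,   # write results to the Local_Administrators WMI class
    [string]$TextFilePath     # hypothetical: folder that receives <COMPUTERNAME>.txt
)

# Resolve the group through its well-known SID (S-1-5-32-544) so the lookup
# also works on localized builds where the group is not named "Administrators".
$sid       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"

# Each member is a COM object, so read ADsPath and Class through reflection.
# Deleted domain accounts still in the group appear as a bare SID (S-1-5-21-...).
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    [pscustomobject]@{
        Member = ($path -replace '^WinNT://', '') -replace '/', '\'
        Type   = $_.GetType().InvokeMember('Class', 'GetProperty', $null, $_, $null)
    }
})

if ($SCCMReporting) {
    $class = 'Local_Administrators'
    # Rebuild the class on every run so removed accounts do not linger in inventory.
    if (Get-WmiObject -Namespace 'root\cimv2' -List -Class $class) {
        Remove-WmiObject -Namespace 'root\cimv2' -Class $class
    }
    $wmi = New-Object System.Management.ManagementClass('root\cimv2', [string]::Empty, $null)
    $wmi['__CLASS'] = $class
    $wmi.Qualifiers.Add('Static', $true)
    foreach ($name in 'Member', 'Type') {
        $wmi.Properties.Add($name, [System.Management.CimType]::String, $false)
    }
    $wmi.Properties['Member'].Qualifiers.Add('Key', $true)
    $null = $wmi.Put()
    foreach ($m in $members) {
        $null = Set-WmiInstance -Namespace 'root\cimv2' -Class $class -Arguments @{
            Member = $m.Member; Type = $m.Type }
    }
}

if ($TextFilePath) {
    $file = Join-Path $TextFilePath "$env:COMPUTERNAME.txt"
    $members | ForEach-Object { $_.Member } | Set-Content -Path $file
}
```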

To implement this in SCCM, run the script once on a machine with the following command line:

powershell.exe -file LocalAdmins.ps1 -SCCMReporting

Once this has executed, do the following:

Open the SCCM console

Click on Administration

Click Client Settings

Right-click Default Client Settings

Left-click Properties

Click Hardware Inventory

Click Set Classes

Click Add

Click Connect

Enter the computer name of the system you ran the script on

Check Recursive

Check Credentials required

Enter the domain\username for user name

Enter the associated password

Click Connect

Once the list of classes appears, click on Class Name to sort the classes

Scroll down to find Local_Administrators and check the box to the left

Click OK

Click OK

Click OK

Now go back to the machine you ran the script on and run a hardware inventory to send the data up to SCCM. It will take a few minutes until the data appears in SCCM.

The next step is to set up the script to execute through SCCM as a package. The script will need to be executed on a routine basis if you want it to be reported regularly to SCCM. As a package, the following pictures show how I have it configured in SCCM.

Finally, you will want to be able to look at the results. You can create a query to show the systems that have reported users in the local administrators group. Here is the WQL I use: